
Build & Push Fetch-Repos Bot Runner image (Kaniko) #24


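# Manually triggered workflow that builds the repository's Dockerfile with
# Kaniko and pushes the result to GHCR, tagged with the short commit SHA
# (and additionally `latest` when run from main).
name: Build & Push with Kaniko
on: [workflow_dispatch]

env:
  IMAGE: ghcr.io/joshyorko/fetch-repos-bot-runner

jobs:
  build:
    # Self-hosted runner label; the job's steps execute on that infrastructure.
    runs-on: fetch-repos-bot-runner-k8s-kaniko
    # Run the whole job *inside* Kaniko's image — no docker:// indirection
    # NOTE(review): `run:` steps need a shell inside the job container, and the
    # stock Kaniko executor image is built without one — confirm this tag works
    # on the runner, or use the matching `-debug` tag, which bundles busybox.
    container:
      image: gcr.io/kaniko-project/executor:v1.23.2
    permissions:
      contents: read  # checkout
      # NOTE(review): this scopes GITHUB_TOKEN, but the push below authenticates
      # with the CR_PAT secret instead. Either switch the auth step to
      # GITHUB_TOKEN (short-lived, repo-scoped) or drop `packages: write` and
      # keep the PAT limited to package write access.
      packages: write  # push to GHCR
    steps:
      # NOTE(review): `@v4` is a mutable tag; pin to a full commit SHA, e.g.
      # actions/checkout@<full-commit-sha>  # v4
      - uses: actions/checkout@v4
        with:
          # The checkout directory is used as the Kaniko build context below, so
          # do not leave the job token in .git/config where a broad COPY in the
          # Dockerfile could bake it into an image layer.
          persist-credentials: false

      - name: Write GHCR auth file
        # Credentials are passed through the environment rather than expanded
        # into the script text, so they are never written into the generated
        # script file and cannot break out of the shell quoting.
        env:
          GHCR_USER: ${{ github.actor }}
          GHCR_TOKEN: ${{ secrets.CR_PAT }}
        run: |
          # Keep the credential file readable by the current user only.
          umask 077
          mkdir -p /kaniko/.docker
          auth="$(printf '%s:%s' "$GHCR_USER" "$GHCR_TOKEN" | base64 -w0)"
          printf '{"auths":{"ghcr.io":{"auth":"%s"}}}\n' "$auth" \
            > /kaniko/.docker/config.json

      - name: Build & push
        run: |
          # `cut` instead of the ${VAR::7} substring form, which POSIX sh does
          # not define; the resulting tag is the same first seven characters.
          short_sha="$(printf '%s' "$GITHUB_SHA" | cut -c1-7)"
          /kaniko/executor --dockerfile Dockerfile \
            --context . \
            --destination "${IMAGE}:${short_sha}" \
            --cache=true --cache-repo="${IMAGE}-cache:latest"

      # NOTE(review): this is a second full build, not a retag of the image
      # pushed above, so `latest` is not guaranteed to share a digest with the
      # SHA tag. Kaniko accepts several --destination flags; a single build that
      # pushes both tags would keep them identical.
      - name: Tag latest on default branch
        if: github.ref == 'refs/heads/main'
        run: |
          /kaniko/executor --dockerfile Dockerfile \
            --context . \
            --destination "${IMAGE}:latest" \
            --cache=true --cache-repo="${IMAGE}-cache:latest"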